Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://hackerone.com/reports/311244 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-07-03T21:00:00Z
Updated: 2024-09-16T18:29:31.999Z
Reserved: 2017-12-28T00:00:00
Link: CVE-2018-3754
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-03T21:29:00.793
Modified: 2024-11-21T04:06:00.760
Link: CVE-2018-3754
Redhat
No data.